1 What is claimed is: 

2 1 . A method for persisting and recovering security keys in order to authorize a 

3 daemon or a command-line interface ("CLI"), comprising: 

4 reading, with root as an effective user id, one or more security keys into a 

5 cache, wherein the root enables the reading of files including the one or more 

6 security keys; 

7 attempting to retrieve a private key from the cache using a real user id, 

8 wherein the cached certain security keys may include the private key and the private 

9 key may be used to digitally sign a message; and 

10 determining if the private key was retrieved from the cache, wherein a 

1 1 failure to retrieve the private key from the cache indicates that authorization failed. 
12 

13 2. The method of claim 1 , further comprising: 

14 setting, with the root as the effective user id, the certain security keys, 

15 wherein the setting step triggers performance of the reading step. 
16 

17 3 . The method of claim 2, wherein the setting step comprises calling a setKeys 

1 8 method, wherein the setKeys method includes the reading step. 
19 

20 4. The method of claim 3, wherein a failure to retrieve the private key from the 

21 cache is caused by an error in the setKeys method. 
22 

23 5. The method of claim 1, further comprising: 

24 entering the CLI, wherein the CLI is entered by a non-root user on a 

25 managed node and the private key is a security key of the managed node. 
26 

27 6. The method of claim 5, wherein the managed node has a public key, the 

28 method further comprising: 

29 if the private key was retrieved from the cache, sending a message and a 

30 message copy, wherein the message copy is digitally signed with the private key 

3 1 from the managed node; 

32 digitally signing the message with the managed node's public key; 

33 comparing the message signed with the public key to the message copy 

34 signed with the private key; and 



11 



1 determining if the message is authorized based on the comparison of the 

2 message signed with the public key to the message copy signed with the private 

3 key. 
4 

5 7. The method of claim 6, wherein the message comprises an executable, the 

6 method further comprising: 

7 if the message is authorized, executing the executable. 
8 

9 8. The method of claim 1, further comprising: 

10 running a daemon process, wherein the daemon is run on a managed node 

1 1 and the private key is a security key of the managed node. 
12 

13 9. The method of claim 8, wherein the managed node has a public key, the 

14 method further comprising: 

15 if the private key was retrieved from the cache, sending a message and a 

16 message copy, wherein the message copy is digitally signed with the private key 

17 from the managed node; 

1 8 digitally signing the message with the managed node' s public key; 

19 comparing the message signed with the public key to the message copy 

20 signed with the private key; and 

21 determining if the message is authorized based on the comparison of the 

22 message signed with the public key to the message copy signed with the private 

23 key. 
24 

25 10. The method of claim 1, wherein the reading step is performed by an 

26 authentication class. 
27 

28 11. The method of claim 10, wherein the cache is a private variable in the 

29 authentication class. 
30 

31 12. The method of claim 1, further comprising: 

32 generating a security key pair, wherein the security key pair comprises the 

33 private key and a corresponding public key; 

34 serializing the security key pair as a key file; and 
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1 storing the key file, wherein the reading step comprises de-serializing the 

2 key file and reading the private key into the cache. 
3 

4 13. A computer readable medium containing instructions for controlling a 

5 computer system to persist and recover security keys in order to authorize a daemon 

6 or a CLI, by: 

7 reading, with root as an effective user id, one or more security keys into a 

8 cache, wherein the root enables the reading of files including the security keys; 

9 attempting to retrieve a private key from the cache using a real user id, 

10 wherein the cached one or more security keys may include the private key and the 

1 ] private key may be used to digitally sign a message; and 

12 determining if the private key was retrieved from the cache, wherein a 

1 3 failure to retrieve the private key from the cache indicates that authorization failed. 
14 

15 14. The computer readable medium of claim 13, further containing instructions 

1 6 for controlling the computer system by: 

1 7 setting, with the root as an effective user id, the security keys, wherein the 

1 8 setting step triggers the reading step. 
19 

20 15. The computer readable medium of claim 14, wherein the setting the security 

21 keys comprises calling a setKeys method, wherein the setKeys method that includes 

22 the reading step. 
23 

24 16. The computer readable medium of claim 1 3, wherein the computer system 

25 comprises a managed node and the managed node has a public key, the computer 

26 readable medium further containing instructions for controlling the computer 

27 system by: 

28 if the private key was retrieved from the cache, sending a message and a 

29 message copy, wherein the message copy is digitally signed with the private key 

30 from the managed node; 

3 1 digitally signing the message with the managed node's public key; 

32 comparing the message signed with the public key to the message copy 

33 signed with the private key; and 
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1 determining if the message is authorized based on the comparison of the 

2 message signed with the public key to the message copy signed with the private 

3 key. 
4 

5 17. A method for persisting and recovering security keys in order to authorize a 

6 daemon or a CLI, comprising: 

7 initializing an authentication class, wherein the authentication class 

8 comprises a setKeys method that includes a reading step; 

9 calling, with root as an effective user id, the setKeys method of the 

10 authentication class, wherein the root enables the reading of files including security 

1 1 keys; 

12 reading necessary security keys into a cache with the root; and 

13 retrieving the necessary security keys from the cache using a real user id. 
14 

15 18. The method of claim 17, wherein the cache is a private variable of the 

16 authentication class. 
17 

18 19. The method of claim 17, wherein the necessary security keys are a private 

1 9 key of a managed node on which the authentication class is running and a public 

20 key of a central management server to which the managed node is operatively 

21 connected. 
22 

23 20. The method of claim 17, wherein the authentication class is a Java class 

24 running in a Java Virtual Machine, the method further comprising: 

25 initializing the Java Virtual Machine. 
26 
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